authentication in AD problem

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hi, we have a Windows 2000 Active Directory implemented. My company is
planning to create an intranet application and give a possibility to our
clients (and they have accounts in our AD) to log on from internet and use
that application. So, that app. will be placed in DMZ and IIS (placed in DMZ
to) will have to have an ability to LDAP query AD if that particular user is
authorized to use that app. and if password is ok. We are testing secure
LDAP query and it works fine. There is only one problem for as. If someone
break in on that server in DMZ, he will have an access to our AD and that is
what we do not wont!

I'm looking for some secure solution:)

PLEASE HELP
Thank's in advance!
adbos
3 answers Last reply
More about authentication problem
  1. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    We use AD and ONT's UIdP. It secures websites and authentication is
    integrated with AD. They are a gold partner with Microsoft. It isn't
    perfect but it is the best solution we could find. Just a small ISAPI
    filter is loaded on the web server in the dmz and all else is done
    internally, so you are well protected.

    see:
    http://www.opennetwork.com/

    --

    Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA

    This posting is provided "AS IS" with no warranties, and confers no rights.


    "adbos" <allemagnus@wp.pl> wrote in message
    news:d16n0k$g76$1@inews.gazeta.pl...
    > Hi, we have a Windows 2000 Active Directory implemented. My company is
    > planning to create an intranet application and give a possibility to our
    > clients (and they have accounts in our AD) to log on from internet and use
    > that application. So, that app. will be placed in DMZ and IIS (placed in
    DMZ
    > to) will have to have an ability to LDAP query AD if that particular user
    is
    > authorized to use that app. and if password is ok. We are testing secure
    > LDAP query and it works fine. There is only one problem for as. If someone
    > break in on that server in DMZ, he will have an access to our AD and that
    is
    > what we do not wont!
    >
    > I'm looking for some secure solution:)
    >
    > PLEASE HELP
    > Thank's in advance!
    > adbos
    >
    >
  2. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    thank you for your reply. i dont understand this "ONT's UIdP". i understand
    that ONT is some company and UIdP is a product of that company, but i cant
    find in on internet so, please, could you be more precise..
    thank you very much
    adbos


    "Paul Bergson" <pbergson_nospam@allete.com> wrote in message
    news:ui4%231jWKFHA.2716@TK2MSFTNGP15.phx.gbl...
    > We use AD and ONT's UIdP. It secures websites and authentication is
    > integrated with AD. They are a gold partner with Microsoft. It isn't
    > perfect but it is the best solution we could find. Just a small ISAPI
    > filter is loaded on the web server in the dmz and all else is done
    > internally, so you are well protected.
    >
    > see:
    > http://www.opennetwork.com/
    >
    > --
    >
    > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    >
    > This posting is provided "AS IS" with no warranties, and confers no
    rights.
    >
    >
    >
    > "adbos" <allemagnus@wp.pl> wrote in message
    > news:d16n0k$g76$1@inews.gazeta.pl...
    > > Hi, we have a Windows 2000 Active Directory implemented. My company is
    > > planning to create an intranet application and give a possibility to our
    > > clients (and they have accounts in our AD) to log on from internet and
    use
    > > that application. So, that app. will be placed in DMZ and IIS (placed in
    > DMZ
    > > to) will have to have an ability to LDAP query AD if that particular
    user
    > is
    > > authorized to use that app. and if password is ok. We are testing secure
    > > LDAP query and it works fine. There is only one problem for as. If
    someone
    > > break in on that server in DMZ, he will have an access to our AD and
    that
    > is
    > > what we do not wont!
    > >
    > > I'm looking for some secure solution:)
    > >
    > > PLEASE HELP
    > > Thank's in advance!
    > > adbos
    > >
    > >
    >
    >
  3. Archived from groups: microsoft.public.win2000.active_directory (More info?)

    ups:)
    i didn't see url...
    thank you:)

    "adbos" <allemagnus@wp.pl> wrote in message
    news:d16r9o$8ne$1@inews.gazeta.pl...
    > thank you for your reply. i dont understand this "ONT's UIdP". i
    understand
    > that ONT is some company and UIdP is a product of that company, but i cant
    > find in on internet so, please, could you be more precise..
    > thank you very much
    > adbos
    >
    >
    >
    > "Paul Bergson" <pbergson_nospam@allete.com> wrote in message
    > news:ui4%231jWKFHA.2716@TK2MSFTNGP15.phx.gbl...
    > > We use AD and ONT's UIdP. It secures websites and authentication is
    > > integrated with AD. They are a gold partner with Microsoft. It isn't
    > > perfect but it is the best solution we could find. Just a small ISAPI
    > > filter is loaded on the web server in the dmz and all else is done
    > > internally, so you are well protected.
    > >
    > > see:
    > > http://www.opennetwork.com/
    > >
    > > --
    > >
    > > Paul Bergson MCT, MCSE, MCSA, CNE, CNA, CCA
    > >
    > > This posting is provided "AS IS" with no warranties, and confers no
    > rights.
    > >
    > >
    > >
    > > "adbos" <allemagnus@wp.pl> wrote in message
    > > news:d16n0k$g76$1@inews.gazeta.pl...
    > > > Hi, we have a Windows 2000 Active Directory implemented. My company is
    > > > planning to create an intranet application and give a possibility to
    our
    > > > clients (and they have accounts in our AD) to log on from internet and
    > use
    > > > that application. So, that app. will be placed in DMZ and IIS (placed
    in
    > > DMZ
    > > > to) will have to have an ability to LDAP query AD if that particular
    > user
    > > is
    > > > authorized to use that app. and if password is ok. We are testing
    secure
    > > > LDAP query and it works fine. There is only one problem for as. If
    > someone
    > > > break in on that server in DMZ, he will have an access to our AD and
    > that
    > > is
    > > > what we do not wont!
    > > >
    > > > I'm looking for some secure solution:)
    > > >
    > > > PLEASE HELP
    > > > Thank's in advance!
    > > > adbos
    > > >
    > > >
    > >
    > >
    >
    >
Ask a new question

Read More

Authentication Active Directory Windows